oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 10:36:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fall back to searching maven central using groupIDFromJavaMetadata (#2295)

Browse Source 
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
This commit is contained in:
Colm O hEigeartaigh 2023-11-11 03:02:53 +00:00 committed by GitHub
parent 3f13d209a5
commit 7ccbadff34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
syft/pkg/cataloger/java/archive_parser.go
View File

@ -250,9 +250,33 @@ func (j *archiveParser) parseLicenses(manifest *pkg.JavaManifest) ([]pkg.License
} }
} }
// If we didn't find any licenses in the archive so far, we'll try again in Maven Central using groupIDFromJavaMetadata
if len(licenses) == 0 && j.cfg.UseNetwork {
licenses = findLicenseFromJavaMetadata(name, manifest, version, j, licenses)
}
return licenses, name, version, nil return licenses, name, version, nil
} }
func findLicenseFromJavaMetadata(name string, manifest *pkg.JavaManifest, version string, j *archiveParser, licenses []pkg.License) []pkg.License {
var groupID = name
if gID := groupIDFromJavaMetadata(name, pkg.JavaArchive{Manifest: manifest}); gID != "" {
groupID = gID
}
pomLicenses, err := recursivelyFindLicensesFromParentPom(groupID, name, version, j.cfg)
if err != nil {
log.Tracef("unable to get parent pom from Maven central: %v", err)
}
if len(pomLicenses) > 0 {
pkgLicenses := pkg.NewLicensesFromLocation(j.location, pomLicenses...)
if pkgLicenses != nil {
licenses = append(licenses, pkgLicenses...)
}
}
return licenses
}
type parsedPomProject struct { type parsedPomProject struct {
*pkg.JavaPomProject *pkg.JavaPomProject
Licenses []pkg.License Licenses []pkg.License